I'm setting up a small ESXi cluster and my head is starting to spin a bit when I try to figure out how I should approach the IP addressing of servers. Here is my setup so far.
The 2 ESXi Hosts reside in a remote datacenter. Because of this the Management Interfaces are initially on public IP addresses, 220.127.116.11 and 18.104.22.168. Yes I know this is bad, but its just while we get the initial config done.
On the first host I've set up a (virtual) firewall VM with its external interface in the same vSwitch as the Management Interface, and with another public IP 22.214.171.124. There is another vSwitch with all the VMs on, and a private IP range. 126.96.36.199/24. These are protected by the firewall and can access the internet through it. They will eventually be accesed by staff over a VPN mediated by the Firewall. They will be a Zimbra Server, a BESx server and a Windows 2008 server which is to hold the vCenter. These will be mirrored over to the other ESXi center with HA failover.
All good so far.
Now I'm at the stage where I want to install the vCenter Windows server and I've been reading through the documentation. It was my intention to install it in the Private LAN switch. However the IP addresses of the two ESXi servers are public. So, first question, will this cause problems initially? From what I've read the IP of the vCenter needs to be in the same subnet as the ESXi management interfaces ...
Later on, I'll be moving the IPs of the ESXi management interfaces behind a firewall. Will that cause problems, or is it just as simple as changing an IP in the vCenter Config?
Next I have a bunch of questions about the HA networking setup. The vmware sales person who sold us this, told us we'd need a dedicated interface for HA replication of VMs to the other ESXi host, and another one for Shared Storage between the two ESXi hosts. To do this we have Cat 5 cable connecting two ports on both machines. I can see the interfaces in vSphere management console and they're both up.
So my question is should I be using a separate IP subnet for these HA and shared storage NICs? For example, I'd go to the Private LAN vswitch assign a vmkernel port to one of the interfaces, and then give it an IP of 10.2.3.4, and then go to the other ESXi host and give it an IP of 10.2.3.5? Or do I stick with the 192.168.1.x subnet for these interfaces?
I've been looking around the internet for a day or so, and reading manuals, but I haven't found anything that gives me a really good blow by blow account, with actual IP addresses. I gather my situation is unusual in that I'm trying to do this in a datancenter half way across the world, and this has introduced a lot of extra complications.
1. vCenter absolutely does NOT need to be on the same subnet as your ESXi management interfaces.
2. As long as you have working DNS and the ESXI hosts are properly defined (i.e A and PTR records) you can change the IP address of ESXi post-install.
3. In general, you should have a dedicated interface for Fault Tolerance (FT) and a dedicated interfaces for the vmkernel traffic (management, vMotion). If you have enough physical NICs you should actually have more than one defined for the management network. It sounds like you are going to use IP storage (NAS or iSCSI)--in this case you should always have a dedicated NIC for storage communication.
4. FT and management traffic do NOT need to be on the same subnet. If you have the ability to put your ESXi management interfaces on a dedicated subnet (non-routed behind a firewall); I would recommend doing that for security.
Many thanks for your reply. I do try to answer questions in other forums about subjects where I have more knowledge, but in this one, I'm very much the novice! I have to say I'm finding the documentation very generic, and haven't really found anything that walks me through the setup with practical advice. Step one, step two, step three. etc.